I am using Kubernetes Java client API https://github.com/kubernetes-client/java for fetching all namespaces present. I am Getting Error-
io.kubernetes.client.ApiException: java.net.ConnectException: Failed to connect to localhost/127.0.0.1:443
at io.kubernetes.client.ApiClient.execute(ApiClient.java:801)
at io.kubernetes.client.apis.CoreV1Api.listNamespaceWithHttpInfo(CoreV1Api.java:15939)
at io.kubernetes.client.apis.CoreV1Api.listNamespace(CoreV1Api.java:15917)
at com.cloud.kubernetes.KubernetesNamespacesAPI.fetchAllNamespaces(KubernetesNamespacesAPI.java:25)
at com.cloud.spark.sharedvariable.ClouzerConfigurations.setKubernetesEnvironment(ClouzerConfigurations.java:45)
I tried creating cluster role binding and giving permission to the user.
Here is my code snippet:
public static List<String> fetchAllNamespaces(){
try {
return COREV1_API.listNamespace(null, "true", null, null, null, 0, null, Integer.MAX_VALUE, Boolean.FALSE)
.getItems().stream().map(v1Namespace -> v1Namespace.getMetadata().getName())
.collect(Collectors.toList());
}catch(Exception e) {
e.printStackTrace();
return new ArrayList<>();
}
}
Please let me know if I am missing anything. Thanks in advance.
Localhost inside pod is not the same as localhost on nodes. Inside pods try using this URL: https://kubernetes.default.svc
I am always getting the below error .. any help
13:50:00.046 [main] WARN io.kubernetes.client.util.credentials.ClientCertificateAuthentication - Could not create key manager for Client Certificate authentication. java.security.cert.CertificateException: No certificate data found at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:456) at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356) at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462) at io.kubernetes.client.util.SSLUtils.createKeyStore(SSLUtils.java:149) at io.kubernetes.client.util.SSLUtils.createKeyStore(SSLUtils.java:92) at io.kubernetes.client.util.SSLUtils.keyManagers(SSLUtils.java:72) at io.kubernetes.client.util.credentials.ClientCertificateAuthentication.provide(ClientCertificateAuthentication.java:37) at io.kubernetes.client.util.credentials.KubeconfigAuthentication.provide(KubeconfigAuthentication.java:39) at io.kubernetes.client.util.ClientBuilder.build(ClientBuilder.java:300) at com.ci.test.staros.attr._CheckKubernetesAPi.main(_CheckKubernetesAPi.java:27) Exception in thread "main" java.lang.RuntimeException: java.security.cert.CertificateException: No certificate data found at io.kubernetes.client.util.credentials.ClientCertificateAuthentication.provide(ClientCertificateAuthentication.java:46) at io.kubernetes.client.util.credentials.KubeconfigAuthentication.provide(KubeconfigAuthentication.java:39) at io.kubernetes.client.util.ClientBuilder.build(ClientBuilder.java:300) at com.ci.test.staros.attr._CheckKubernetesAPi.main(_CheckKubernetesAPi.java:27) Caused by: java.security.cert.CertificateException: No certificate data found at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:456) at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356) at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462) at io.kubernetes.client.util.SSLUtils.createKeyStore(SSLUtils.java:149) at io.kubernetes.client.util.SSLUtils.createKeyStore(SSLUtils.java:92) at io.kubernetes.client.util.SSLUtils.keyManagers(SSLUtils.java:72) at io.kubernetes.client.util.credentials.ClientCertificateAuthentication.provide(ClientCertificateAuthentication.java:37) ... 3 more
package com.ci.test.staros.attr;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import io.kubernetes.client.ApiClient;
import io.kubernetes.client.ApiException;
import io.kubernetes.client.Configuration;
import io.kubernetes.client.apis.CoreV1Api;
import io.kubernetes.client.models.V1Pod;
import io.kubernetes.client.models.V1PodList;
import io.kubernetes.client.util.ClientBuilder;
import io.kubernetes.client.util.KubeConfig;
public class _CheckKubernetesAPi {
public static void main(String[] args) throws FileNotFoundException, IOException, ApiException {
String token = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tNzI4cGYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImEwOGMwMDc5LTRlOGYtMTFlYS1iMzgyLTAwNTA1NjljZjJkNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.rUencmFEEK5QXf8THeThNN6kE69HoIR0Ifn9H3uVRkWjKm4Dj9_tNjCuU0qQwQVGNvOTMOT5ghuVoHLszRN1fFOS38v-cedAaVcNLqH0u5RygGNufRxCw6rrpHnKEPxMVxoBb5FO13U5AXNQ-r9xhEuzse4IUbgMAK3IhNXr224h7C1FeakPgcTCPupVXU1s9j89tqJ-qk65F47lbd944NhWYqK3ROEIBteOnFn0NE0_k_GJk8HJzkeW4DlzsavHQI_m6cLEhxN2cbS0BxmAcAFXr-3myuqr-yowi3S3TcrHOe-HK2ly0ivzBEBMEV8FdAao8DOEQ58e-8w-eLRDww";
// file path to your KubeConfig
String kubeConfigPath = "kube/config";
// loading the out-of-cluster config, a kubeconfig from file-system
ApiClient client =
ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(new FileReader(kubeConfigPath))).build();
// client.setAccessToken(token);
client.setApiKey(token);
client.setVerifyingSsl(false);
// set the global default api-client to the in-cluster one from above
Configuration.setDefaultApiClient(client);
// the CoreV1Api loads default api-client from global configuration.
CoreV1Api api = new CoreV1Api();
// invokes the CoreV1Api client
V1PodList list =
api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null);
for (V1Pod item : list.getItems()) {
System.out.println(item.getMetadata().getName());
}
}
}
I'm facing the same exception too. After several survey to the client lib's source code, I think you need to make sure of two things.
Which way do you use to config your connection
The first thing here may not correlated to your case or the lib. The api client lib supports three ways of configuration, to communicate with K8S apiserver from both inside of pod or out of cluster.
If you are using the lib inside a Pod, normally it will try to using the third way.
How you bootstrap your client.
You must keep in mind to invoke
Configuration.setDefaultApiClient(apiClient);
before you init a CoreV1Api or your CRD api. The reason is quite simply, because under all of the Api class, for example under the class of io.kubernetes.client.api.CoreV1Api
public class CoreV1Api {
private ApiClient apiClient;
public CoreV1Api() {
this(Configuration.getDefaultApiClient());
}
...
}
If you haven't set the Configuration's defaultApiClient, it will use all default config, which the basePath will be localhost:443, then you will face the error.
Under the example package, The client has already created lots of examples and use case. The full configuration logic may be as below:
public class Example {
public static void main(String[] args) throws IOException, ApiException {
ApiClient client = Config.defaultClient();
Configuration.setDefaultApiClient(client);
// now you are safe to construct a CoreV1Api.
CoreV1Api api = new CoreV1Api();
V1PodList list =
api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null);
for (V1Pod item : list.getItems()) {
System.out.println(item.getMetadata().getName());
}
}
}
Just keeps in mind, order is important if you are using default constructor to init a XXXApi.